Alt-Svc: quic=":443"; ma=2592000; v="39,38,37,35"
X-Frame-Options: DENY
Date: Tue, 24 Oct 2017 08:27:39 GMT
strict-transport-security: max-age=2592000; includeSubDomains
Cache-Control: private
Vary: Cookie
Content-Security-Policy: script-src 'self' *.googleanalytics.com *.google-analytics.com ajax.googleapis.com code.getmdl.io *.googletagmanager.com; default-src 'self' *.gstatic.com ajax.googleapis.com www.google.com; img-src 'self' data: s.ytimg.com *.googleusercontent.com *.gstatic.com www.google-analytics.com www.google.com storage.googleapis.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com ajax.googleapis.com *.gstatic.com code.getmdl.io; frame-src 'self' www.google.com www.youtube.com accounts.google.com docs.google.com apis.google.com plus.google.com; connect-src 'self' plus.google.com www.google-analytics.com; font-src 'self' themes.googleusercontent.com *.gstatic.com fonts.googleapis.com; report-uri /csp/report/
Content-Type: text/html; charset=utf-8
HTTP/1.1 200 OK
Set-Cookie: anoncsrf=hhvl6UsAWP0w71fYD817gR0YJFl4AUvS; expires=Tue, 24-Oct-2017 10:27:39 GMT; httponly; Max-Age=7200; Path=/; secure
Content-Length: 19246
Server: Google Frontend
x-xss-protection: 1; mode=block
Expires: Tue, 24 Oct 2017 08:27:39 GMT
x-content-type-options: nosniff
X-Cloud-Trace-Context: e34938a4f2c9b8ce35bdafed2f8e8198;o=1